IN THE CLAIMS 

This listing of the claim will replace all prior versions and listings of 
claim in the present application. 
Listing of Claims 

1. (Currently Amended) A method of secure privacy notification, said
method comprising the steps: 

determining applying the regulatory compliance requirements for
privacy notification of data subjects; 

transforming said requirements into electronic and non-electronic 
database query screens and forms; 

querying a remote and/or resident database for information fields 
contained within said query screens and forms; 

human or automated completion of said data screens; 

encryption/decryption of said data screens; 

human and/or automated conversion of data screens into privacy 
notification human readable formats; 

electronic and/or non-electronic data subject feedback response 
methods and means; and 

conversion of said data subjects feedback responses into database 
deletion, modification or correction of the data subject's information in 
accordance with said regulatory requirements. 

2. (Originally Presented) The method of claim 1 wherein said electronic 
privacy notification and feedback response is accomplished via a secure web 
portal. 

3. (Originally Presented) The method of claim 1 wherein said electronic
privacy notification and feedback response is accomplished via a secure
e-mail system.

4. (Originally Presented) The method of claim 1 wherein said electronic 
privacy notification and feedback response is accomplished using digital 
certificates comprising: 

a public or private, commercial or government registration 
authority; 

a public or private, commercial or government certificate 
authority; 

a digital signature encryption algorithm;

a unique non-reputable user electronic identity;

issuance of x.509 compliant certificates specifically encoded via
extension to alert data processor of the data subjects privacy
preferences; and

issuance of x.509 standard certificates specifically encoded via 
extension to alert data processors of legal and regulatory 
compliance requirements relevant to the data subjects privacy 
preferences. 

5. (Originally Presented) The method of claim 4 wherein said digital 
signature algorithm is SHA-1 with DSA. 

6. (Originally Presented) The method of claim 4 wherein said digital 
signature algorithm is an elliptic curve. 

7. (Originally Presented) The method of claim 6 wherein said elliptic curve 
is a Koblitz binary curve. 

8. (Originally Presented) The method of claim 4 wherein said digital
signature algorithm is a block cipher such as Rijndael. 

9. (Originally Presented) The method of claim 4 wherein the data subjects 
privacy preference is to "opt out" and where encoding the digital certificate to 
be easily read by visual inspection by distinct color coding. 

10. (Originally Presented) The method of claim 4 wherein the data subjects
privacy preference is to "opt in" and where encoding the digital certificate to 
be easily read by visual inspection by distinct color coding. 

11. (Originally Presented) The method of claim 4 including third party
archiving of certificate for non-repudiation, compliance audit and send and 
receive functions. 

12. (Originally Presented) The method in claim 4 including the binding of a 
users identity and access authorizations to a physical device, such as a USB 
key, and challenging the key at a remote email server in order to gain access 
to the users authorized email box and messages. 

13. (Newly Added) An apparatus for protection of privacy and required
notification of data subjects, said apparatus comprising: 

a determining device for determining the regulatory compliance 
requirements for said privacy and required notification of data subjects; 

a transforming device for transforming said compliance requirements 
into data field query screens; 

a query device for querying a database for information fields
contained within said query screens; 

a completion device to facilitate completion and processing of said 
query screens with said information field; 

an encryption device for non-repudiated encryption of the data
obtained from said completed query screens; 

a decryption device for non-repudiated decryption and conversion of 
the data obtained from the completed query screens into compliant privacy 
notification of said data subjects in a human readable formats; 

a notification feedback device for providing data subject notification 
feedback; and 

a conversion device for conversion of said data subjects feedback 
response into correction, modification or deletion of the data subject's 
information in accordance with said regulatory requirements. 

14. (Newly Added) The apparatus of claim 13 further including a USB key that 
contains encryption and processing circuitry, authorized user bound identity 
information and volatile and/or non-volatile memory that stores the algorithms 
used to query for said data fields. 

15. (Newly Added) The apparatus of claim 13 further including a hardware 
firewall that contains encryption and processing circuitry, authorized user 
bound identity information and volatile and/or non-volatile memory that stores
the algorithms used to query said data fields. 

16. (Newly Added) The apparatus of claim 13 further including a software 
firewall that contains encryption and processing instruction sets, authorized 
user bound identity information and volatile and/or non-volatile memory that 
stores the algorithms used to query said data fields. 

17. (Newly Added) The apparatus of claim 13, wherein said privacy regulatory 
compliance requirements are derived from the laws, rules and regulations 
promulgated by Directive 95/46/EC of the European Parliament and of the
Council of 24 October 1995. 

18. (Newly Added) The apparatus of claim 13, wherein the privacy regulatory
compliance requirements are derived from the laws, rules and regulations 
promulgated by The Health Information Technology for Economic and Clinical 
Health (HITECH) Act. 

19. (Newly Added) The apparatus of claim 13, wherein the privacy regulatory 
compliance requirements are derived from the laws, rules and regulations 
promulgated by The Health Insurance Portability and Accountability Act of 
1996 (HIPAA). 

20. (Newly Added) The apparatus of claim 13, wherein the privacy regulatory 
compliance requirements are derived from the laws, rules and regulations 
promulgated by the Gramm-Leach-Bliley Act of 1999.

21. (Newly Added) The apparatus of claim 13, wherein the privacy regulatory
compliance requirements are derived from the laws, rules and regulations 
promulgated by the Computer Security Act of 1987. 

22. (Newly Added) The apparatus of claim 13, wherein said electronic privacy 
notification and feedback response is accomplished via a secure socket layer 
web portal. 

23. (Newly Added) The apparatus of claim 13, wherein said electronic privacy 
notification and feedback response is accomplished via a secure e-mail 
system. 

24. (Newly Added) The apparatus of claim 13, wherein said privacy
notification and feedback response is accomplished via postal notification.

25. (New Added) The apparatus of claim 13, wherein said privacy notification
and feedback response is accomplished via direct telephonic contact. 

26. (New Added) The method of claim 4, wherein the data subjects privacy 
preference is to "forget forever" and where encoding the digital certificate to 
be easily read by visual inspection by distinct color coding or other readily 
read privacy preference identification means. 

27. (Newly Added) The method of claim 4, including the binding of a user's 
identity and access authorizations to a physical device, such as a USB key, 
and challenging the key at a remote email server or secure web portal in order 
to gain access to the users authorized email or web messages. 

28. (New Added) The method in claim 4 including the binding of a user's 
identity and access authorizations to software tokens and challenging the 
tokens at a remote email server or secure web portal in order to gain access 
to the users authorized email or web messages. 